A new, evidence-based, theory for knowledge reuse in security risk analysis

Cited by: 1
Authors
Labunets, Katsiaryna [1 ]
Massacci, Fabio [2 ,3 ]
Paci, Federica [4 ]
Tuma, Katja [2 ]
Affiliations
[1] Univ Utrecht, Utrecht, Netherlands
[2] Vrije Univ Amsterdam, Amsterdam, Netherlands
[3] Univ Trento, Trento, Italy
[4] Univ Verona, Verona, Italy
Keywords
Information security; Risk assessment; Empirical study; Knowledge reuse; THREAT ANALYSIS; ATTACK TREES; MANAGEMENT; COMMUNITIES; DISCOURSES; SYSTEMS; IF;
DOI
10.1007/s10664-023-10321-y
CLC classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
Security risk analysis (SRA) is a key activity in software engineering but requires heavy manual effort. Community knowledge in the form of security patterns or security catalogs can be used to support the identification of threats and security controls. However, no evidence-based theory exists about the effectiveness of security catalogs when used for security risk analysis. We adopt a grounded theory approach to propose a conceptual, revised and refined theory of SRA knowledge reuse. The theory refinement is backed by evidence gathered from conducting interviews with experts (20) and controlled experiments with both experts (15) and novice analysts (18). We conclude the paper by providing insights into the use of catalogs and managerial implications.
Pages: 33